<?php
/**
 * @author 	barbarosalcin
 * @desc	ajax_admin_users
 * @version	$Id: 20110317
 * @package	admin
 */

// Request result code: empty means success, any other value names the failure
// that is presumably reported after the `end:` label.
$error = defined('IN_ADMINPAGE') ? '' : 'unauthorized';
// Refuse direct requests — this script is only meaningful when included by the admin page.
if ($error !== '')
{
	goto end;
}

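// Variables this script reads before assigning them. A posted field with one of
// these names must not be able to overwrite them through the variable-variable
// assignment below: otherwise a request could replace the eval()'d field
// templates or smuggle SQL in via $update_password.
$reserved_keys = array('error', 'tk', 'config', 'lang', 'pagename', 'item_array',
	'item_table', 'item_fields', 'item_fields_additem', 'item_fields_manitem',
	'update_password', 'reserved_keys', 'GLOBALS');

// Normalise every posted field and expose it as a local variable of the same name.
foreach (array_keys($_POST) as $key)
{
	// Strip line breaks. The original removed "\n" before "\r\n", so the second
	// replacement never matched and a lone "\r" was left behind.
	$_POST[$key] = str_replace(array("\r", "\n"), '', $_POST[$key]);
	// Drop a value that consists solely of an editor-inserted <br />.
	$_POST[$key] = preg_replace('%^<br />$%', '', $_POST[$key]);

	if (in_array($key, $reserved_keys, true))
	{
		continue;
	}
	${$key} = $_POST[$key];
	// Fields the page declares as 'number' in $item_array are cast to int;
	// isset() avoids an undefined-index notice for fields not in the map.
	if (isset($item_array[$key]) && $item_array[$key] == 'number')
	{
		${$key} = (int) ${$key};
	}
}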

if ($_POST['act'] == 'additem')
{
	// Creating users requires the ADMIN level on top of the IN_ADMINPAGE guard.
	if($tk->session->data['user_level'] != ADMIN) {
		$error = 'access_denied';
		goto end;
	}
	// Registration timestamp taken from the global config (presumably the request time — confirm).
	$createtime = $config['time'];
	$user_active = 1;

	// NOTE(review): unsalted md5 is apparently what the login side expects for
	// user_password; moving to password_hash() has to be done together with it.
	$user_password = md5($user_plain_password);
	
	// Plaintext password, username and a non-zero user level are mandatory.
	if ($user_plain_password == '' || $username == '' || !$user_level)
	{
		$error = 'data_required';
		goto end;
	}
	
	// SECURITY: the field template (presumably set by the including page and
	// referencing the posted fields) is expanded through eval() with those values
	// as PHP string content, so anything a request gets into that string runs as
	// PHP. A sprintf/str_replace based expansion would avoid this.
	eval("\$item_fields_additem = \"$item_fields_additem\";");
	
	// SECURITY: the expanded fields are interpolated into the INSERT without
	// escaping — escape via the db layer or use prepared statements.
	// user_uuid is derived from the registration time and the username.
	$sql = "INSERT INTO $item_table ($item_fields,user_regdate,user_uuid,user_password,user_active) VALUES($item_fields_additem,'$createtime','" . md5($createtime . $username) . "','$user_password','$user_active')";
	
	if (! ($result = $tk->db->sql_query($sql)))
	{
		$error = 'sql';
		goto end;
	}
	// Success payload is handed to the page object as JSON; the message is
	// looked up per page and action in the language table.
	$data_json = array(
			'header' => $lang['success_header'], 
			'message' => $lang[$pagename][$_POST['act']]['success'], 
			'xhr_status' => '1');
	$tk->page->_pv['json'] = 1;
	$tk->page->_pv['data_json'] = json_encode($data_json);
	
	return;
}
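if ($_POST['act'] == 'manitem')
{
	// Editing users requires the ADMIN level on top of the IN_ADMINPAGE guard.
	if($tk->session->data['user_level'] != ADMIN) {
		$error = 'access_denied';
		goto end;
	}
	
	// Only an integer id may reach the WHERE clause below.
	$user_id = (int) $user_id;
	
	// Username and a non-zero user level are mandatory; the password is optional here.
	if ($username == '' || !$user_level)
	{
		$error = 'data_required';
		goto end;
	}
		
	// SECURITY: the field template (presumably set by the including page and
	// referencing the posted fields) is expanded through eval() with those values
	// as PHP string content, so anything a request gets into that string runs as
	// PHP. A sprintf/str_replace based expansion would avoid this.
	eval("\$item_fields_manitem = \"$item_fields_manitem\";");
	
	// Always initialise the password fragment: previously it was only set inside
	// the branch, so with no new password an undefined variable (or one injected
	// through the $_POST loop above) was interpolated into the UPDATE.
	$update_password = '';
	if($user_plain_password != '')
	{
		// NOTE(review): unsalted md5 is apparently what the login side expects for
		// user_password; moving to password_hash() has to be done together with it.
		$user_password = md5($user_plain_password);
		$update_password = ",user_password = '$user_password'"; 
	}
	
	// SECURITY: the expanded fields are interpolated into the UPDATE without
	// escaping — escape via the db layer or use prepared statements.
	$sql = "UPDATE $item_table set $item_fields_manitem $update_password WHERE user_id='$user_id'";
	if (! ($result = $tk->db->sql_query($sql)))
	{
		$error = 'sql';
		goto end;
	}
	// Success payload is handed to the page object as JSON; the message is
	// looked up per page and action in the language table.
	$data_json = array(
			'header' => $lang['success_header'], 
			'message' => $lang[$pagename][$_POST['act']]['success'], 
			'xhr_status' => '1');
	$tk->page->_pv['json'] = 1;
	$tk->page->_pv['data_json'] = json_encode($data_json);
	
	return;
}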

end: